Note that during these interviews I also moderate, so quality may vary.
Profile 🐝
- Bachelors degree computer science
- Works at X as a pentester
- Started bug bounties in 2014
- First bug was N/A
- In 2015, took a look at Twitter
- Didn’t take long to find an issue but thought it wasn’t one
- Received $700 bounty = “simple” bug
Journey 🐝
- Elementary school
- Didn’t have a mentor
- Doesn’t want to owe anyone
- Finds it hard to ask for help
- Wants to do it on his own
- Ditched this mindset
- It’s the community that matters
- You take stuff and give back
- Cannot keep up on your own
Certification 🐝
- Doesn’t have cert
- Doesn’t think cert is necessary
Programming 🐝
- Useful in the long run
- Required for more advanced bugs
- Sometimes you have to make your own script/tool for a unique use-case
- JavaScript is recommended
- Electron
- Node.js
- postMessage
Not required for 🐝
- IDOR
- Logical flaws
- Authentication bypass
Tools 🐝
- Not a fan of tools
- Likes to do things manually and get a deep understanding
- Uses Fiddler
Reconless 🐝
- filedescriptor, Ron Chan, and EdOverflow
- Wasn’t a lot of reconless content out there for bug bounty
- Original HackerOne videos were boring
- Felt he was ready to make educational content
- Clickjacking blog post got a lot of upvotes on HackerNews
- https://www.youtube.com/channel/UCCp25j1Zh9vc_WFm-nB9fhQ
Bug bounties 🐝
- Doesn’t do bug bounties a lot unless it’s a live event
- Highly competitive
- Repetitive, as his job is pen testing
- Enjoys collaboration as he can focus solely on the hacking part
Mindset 🐝
- Never give up
- Wrong mindset: if you fail a lot, you start thinking that you cannot find any bugs
- Imposter syndrome
- He deals with it a lot
- Wanting to prove yourself
- Start comparing yourself to people that post write-ups of difficult bugs
- Burn out
- Still burned out
- Enjoys technical aspect, bypasses etc.
- Proponent of hack to learn
- During the process you learn the most
Links 🐝
- Interview